We are using PRTG to monitor several windows servers in remote locations. The servers are not part of a windows domain. I'm evaluating the security implications of using remote probes for each server instead of one centralized probe on the prtg host.
What I'd like to know: - When entering Windows credentials to be used by a remote probe, are those credentials saved only on the remote probe system and not on the prtg host? - If the answer to the previous question is yes: Can the credentials be somehow retrieved in clear text by the prtg host?
Thanks for your help,
Adrian
Article Comments
Hi Moritz,
thanks for your quick reply. So, to make sure I understand this correctly: If my main PRTG server is compromised, then all passwords stored for all remote probes are also compromised?
Thanks,
Adrian
Aug, 2019 - Permalink
Hi Adrian,
yes that's correct. All passwords are stored on the PRTG Core Server and the Core Server distributes them along with the configuration to all Remote Probes.
Aug, 2019 - Permalink
Hi Moritz,
Can you please confirm that Core Server distributes ONLY passwords needed by the remote probe and NOT all the passwords of all the remote probes to each remote probe ? Thanks, F.
Feb, 2023 - Permalink
Hi there,
only the part of the PRTG configuration is shared with the Probe which effects the Probe (the corresponding part of the device tree).
Feb, 2023 - Permalink
Hi Adrian,
All passwords are stored encrypted in the PRTG configuration file. This file is transmitted to the Remote Probes, where the configuration is cached. The passwords can only retrieved in clear text by using a script/PRTG API and using the corresponding placeholders
Furthermore, regarding the plan of a "centralized probe". Please be aware that we only recommend 2500 Sensors per Probe.
Best Regards,
Moritz Heller
Paessler Tech Support
Aug, 2019 - Permalink